ThoughtWorks is a global software consultancy with an aim to create a positive impact on the world through technology. Our community of technologists thinks disruptively to deliver pragmatic solutions for our clients' most complex challenges. We are curious minds who come together as collaborative and inclusive teams to push boundaries, free to be ourselves and make our mark in tech. Our developers have been contributing code to major organizations and open source projects for over 25 years. They’ve also been writing books, speaking at conferences and helping push software development forward, changing companies and even industries along the way. We passionately believe that software quality is driven by open communication, review and collaboration. That’s why we’re such vehement supporters of open source and have made significant contributions to open source tools for testing, continuous delivery (GoCD), continuous integration (CruiseControl), machine learning and healthcare.
As consultants, we work with our clients to ensure we’re evolving their technology and empowering adaptive mindsets to meet their business goals. You could influence the digital strategy of a retail giant, build a bold new mobile application for a bank or redesign platforms using event sourcing and intelligent data pipelines. You will learn how to apply the latest Lean and Agile thinking, create pragmatic solutions to solve mission-critical problems and challenge yourself every day.
We’re looking for an experienced security consultant working out of any of the TWI offices. This is a hands-on, tech-oriented position.
- You will be involved in standard security practices.
- You will be implementing security automation, working with delivery teams as well as networks and infrastructure support teams.
- We want someone who can talk the language of software product delivery teams and work collaboratively with them to reduce risks related to code development, system architecture and infrastructure.
- It will help if you have experience working in delivery teams using agile development methodologies and practices.
Here is what we are looking for:
- 4-8 years of experience working as a security engineer, including working directly with delivery teams to review code and systems architecture for vulnerabilities.
- In-depth knowledge and experience with OWASP and SANS standards
- Experience in manual and automated penetration testing tools and techniques.
- Experience with at least one popular tool in each category of SAST, DAST, dependency checking, and container vulnerability assessment. Hands-on experience with tools such as Checkmarx, Burp Suite, ZAP, Fortify, Aqua, Nessus, Qualys, Veracode, etc.
- Experience in password/secret management tools and techniques
- Knowledge and working experience of DevSecOps and security automation in CI/CD pipelines
- In-depth understanding of web technologies, common web frameworks, their vulnerabilities and mitigations
- Experience integrating security tooling into build pipelines and generating continuous security feedback for Agile teams.
- Basic understanding of cloud, virtualisation, container, network and OS security.
- Excellent communication and interpersonal skills
As an Application Security Specialist, you will have an opportunity to
- Embed security throughout the lifecycle of software delivery
- Build and define security practices
- Automate and optimize security as per the application lifecycle.
- Play a consulting and advisory role for delivery teams and clients
Regardless of what you do at ThoughtWorks, you’ll always have the opportunity to
- Think through hard problems, and work with a team to make them reality.
- Learn something new every day.
- Work in a dynamic, collaborative, transparent, non-hierarchical, and ego-free culture where your talent is valued over a role title.
- Speak at conferences.
- Write blogs and books.
- Develop your career outside of the confinements of a traditional career path by focusing on what you’re passionate about rather than a predetermined one-size-fits-all plan.
- Be part of a company with Social and Economic Justice at the heart of its mission.